[go: up one dir, main page]

EP2378711A1 - Implémentation de politique de réseau pour appareil de machine multi-virtuelle - Google Patents

Implémentation de politique de réseau pour appareil de machine multi-virtuelle Download PDF

Info

Publication number
EP2378711A1
EP2378711A1 EP11159372A EP11159372A EP2378711A1 EP 2378711 A1 EP2378711 A1 EP 2378711A1 EP 11159372 A EP11159372 A EP 11159372A EP 11159372 A EP11159372 A EP 11159372A EP 2378711 A1 EP2378711 A1 EP 2378711A1
Authority
EP
European Patent Office
Prior art keywords
network
virtual machine
policy
computing device
virtual
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Granted
Application number
EP11159372A
Other languages
German (de)
English (en)
Other versions
EP2378711B1 (fr
Inventor
Richard Sharp
David Scott
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Citrix Systems Inc
Original Assignee
Citrix Systems Inc
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Citrix Systems Inc filed Critical Citrix Systems Inc
Priority to EP15175954.5A priority Critical patent/EP2958257B1/fr
Publication of EP2378711A1 publication Critical patent/EP2378711A1/fr
Application granted granted Critical
Publication of EP2378711B1 publication Critical patent/EP2378711B1/fr
Active legal-status Critical Current
Anticipated expiration legal-status Critical

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0894Policy-based network configuration management
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/20Network architectures or network communication protocols for network security for managing network security; network security policies in general
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45583Memory management, e.g. access or allocation
    • GPHYSICS
    • G06COMPUTING OR CALCULATING; COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F9/00Arrangements for program control, e.g. control units
    • G06F9/06Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
    • G06F9/44Arrangements for executing specific programs
    • G06F9/455Emulation; Interpretation; Software simulation, e.g. virtualisation or emulation of application or operating system execution engines
    • G06F9/45533Hypervisors; Virtual machine monitors
    • G06F9/45558Hypervisor-specific management and integration aspects
    • G06F2009/45595Network integration; Enabling network access in virtual machine instances
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0803Configuration setting
    • H04L41/0813Configuration setting characterised by the conditions triggering a change of settings
    • H04L41/0816Configuration setting characterised by the conditions triggering a change of settings the condition being an adaptation, e.g. in response to network events
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/08Configuration management of networks or network elements
    • H04L41/0895Configuration of virtualised networks or elements, e.g. virtualised network function or OpenFlow elements

Definitions

  • a control program executing within the virtualization environment on a computing device, receives an event notification generated by a virtual machine responsive to a lifecycle event.
  • the control program invokes a policy engine that applies a network policy to existing network configurations of the virtualization environment.
  • the network policy can correspond to a virtual machine, a network interface in the virtual machine, or a network.
  • the policy engine then identifies a existing network configuration having attributes that satisfy the network policy, and selects a network implementation that satisfies the network configuration and the network policy.
  • the computing environment 101 can include an appliance installed between the server(s) 106 and client machine(s) 102.
  • This appliance can mange client/server connections, and in some cases can load balance client connections amongst a plurality of backend servers.
  • Still other embodiments include a server 106 that executes any one of the following types of hosted server applications: GOTOMEETING provided by Citrix Online Division, Inc.; WEBEX provided by WebEx, Inc. of Santa Clara, California; or Microsoft Office LIVE MEETING provided by Microsoft Corporation.
  • the multiple processing units can be included in a single integrated circuit (IC).
  • IC integrated circuit
  • One embodiment of the computing device 100 provides support for any one of the following installation devices 116: a CD-ROM drive, a CD-R/RW drive, a DVD-ROM drive, tape drives of various formats, USB device, a bootable medium, a bootable CD, a bootable CD for GNU/Linux distribution such as KNOPPIX®, a hard-drive or any other device suitable for installing applications or software.
  • Applications can in some embodiments include a client agent 120, or any portion of a client agent 120.
  • the computing device 100 may further include a storage device 128 that can be either one or more hard disk drives, or one or more redundant arrays of independent disks; where the storage device is configured to store an operating system, software, programs applications, or at least a portion of the client agent 120.
  • a further embodiment of the computing device 100 includes an installation device 116 that is used as the storage device 128.
  • the computing machine 100 can be embodied in any one of the following computing devices: a computing workstation; a desktop computer; a laptop or notebook computer; a server; a handheld computer; a mobile telephone; a portable telecommunication device; a media playing device; a gaming system; a mobile computing device; a netbook; a device of the IPOD family of devices manufactured by Apple Computer; any one of the PLAYSTATION family of devices manufactured by the Sony Corporation; any one of the Nintendo family of devices manufactured by Nintendo Co; any one of the XBOX family of devices manufactured by the Microsoft Corporation; or any other type and/or form of computing, telecommunications or media device that is capable of communication and that has sufficient processor power and memory capacity to perform the methods and systems described herein.
  • Executing on one or more of the physical processors 208 can be one or more virtual machines 232A-C (generally 232). Each virtual machine 232 can have a virtual disk 226A-C and a virtual processor 228A-C.
  • a first virtual machine 232A can execute, on a virtual processor 228A, a control program 220 that includes a tools stack 224.
  • one or more virtual machines 232B-C can executed, on a virtual processor 228B-C, a guest operating system 230A-B.
  • the hardware layer 210 can include one or more physical disks 204.
  • a physical disk 204 can be any hard disk, while in some embodiments a physical disk 204 can be any hard disk described herein.
  • the hardware layer 210 can include one physical disk 204. In other embodiments, the hardware layer 210 can include more than one physical disk 204.
  • the computing device 201 in some embodiments, can communicate with an external hard disk that is included in the hardware layer 210 as a physical disk 204.
  • Physical devices 206 can be any device included in the computing device 201. In some embodiments, physical devices 206 can be any combination of devices included in the computing device 201 and external devices that communicate with the computing device 201.
  • the computing device 201 in some embodiments, can include one or more physical devices 206.
  • a physical device 206 can be any of the following: a network interface card; a video card; a keyboard; a mouse; an input device; a monitor; a display device; speakers; an optical drive; a storage device; a universal serial bus connection; any device connected to the computing device 201; any device communicating with the computing device 201; a printer; a scanner; or any other device or device described herein.
  • Firmware 212 in some embodiments, can be any combination of executable instructions and hardware that controls hardware communicating with or included within the computing device 201. In some embodiments, the firmware 212 can control one or more pieces of hardware within the hardware layer 210. Firmware 212, in many embodiments, can be executed by one or more processors 208 within the computing device 201. In some embodiments, the firmware 212 can be boot firmware such as the basic input/output system (BIOS.) Additional firmware 212 executing on the computing device 201 can interface with the BIOS.
  • BIOS basic input/output system
  • the computing device 201 can include an operating system 214 executed by one or more physical processors 208.
  • the operating system 214 is a user operating system that can directly access the hardware devices in the hardware layer 210.
  • the operating system 214 can be any operating system and in some embodiments, the operating system 214 can be any operating system described herein.
  • Figure 2A illustrates one embodiment where the hypervisor 202 executes within the context of the operating system 214 executing on the computing device 201.
  • the operating system 214 can be referred to as a host operating system 214, while the other operating systems can be referred to as guest operating systems.
  • Guest operating systems can include the guest operating systems 230A-B executing on the virtual machines 232, and/or the control program 220.
  • the hypervisor 202 can provide virtual resources to operating systems 230 or control programs 220 executing on virtual machines 232 in any manner that simulates the operating systems 230 or control programs 220 having direct access to system resources.
  • System resources can include: physical devices; physical disks; physical processors; physical memory 216 and any other component included in the computing device 201 hardware layer 210.
  • the hypervisor 202 may be used to emulate virtual hardware, partition physical hardware, virtualize physical hardware, or execute virtual machines that provide access to computing environments.
  • the hypervisor 202 controls processor scheduling and memory partitioning for a virtual machine 232 executing on the computing device 201.
  • the hypervisor 202 can create a virtual machine 232A-B (generally 232) in which an operating system 230 executes.
  • the hypervisor 202 loads a virtual machine image to create a virtual machine 232.
  • the hypervisor 202 executes an operating system 230 within the virtual machine 232.
  • the virtual machine 232 executes an operating system 230.
  • the computing device 201 can host or execute one or more virtual machines 232.
  • a virtual machine 232 can be called a domain, a guest and/or a DOMAIN U.
  • a virtual machine 232 is a set of executable instructions that, when executed by a processor 208, imitate the operation of a physical computer such that the virtual machine 232 can execute programs and processes much like a physical computing device. While Figure 2A illustrates an embodiment where a computing device 201 hosts three virtual machines 232, in other embodiments the computing device 201 can host any number of virtual machines 232.
  • the hypervisor 202 provides each virtual machine 232 with a unique virtual view of the physical hardware, memory, processor and other system resources available to that virtual machine 232.
  • the hypervisor 202 can execute the control program 220 within a virtual machine 232.
  • the hypervisor 202 can create and start the virtual machine 232.
  • that virtual machine 232 can be referred to as the control virtual machine 232.
  • the control program 220 executes within a virtual machine 232 that is authorized to directly access physical resources on the computing device 201.
  • control program 220 interacts with one or more guest operating systems 230A-B (generally 230.)
  • the control program 220 can communicate with the guest operating systems 230 through a hypervisor 202.
  • the hypervisor 202 Through the hypervisor 202, the guest operating system 230 can request access to physical disks 204, physical processors 208, memory 216, physical devices 206 and any other component in the hardware layer 210.
  • the guest operating systems 230 can communicate with the control program 220 via a communication channel established by the hypervisor 202, such as, for example, via a plurality of shared memory pages made available by the hypervisor 202.
  • Illustrated in Figure 2B is another embodiment of a virtualization environment that illustrates a Type 1 hypervisor 202.
  • Executing on the computing device 201 is a hypervisor 202 that can directly access the hardware and resources within the hardware layer 210.
  • Virtual machines 232 managed by the hypervisor 202 can be an unsecure virtual machine 232B and/or a secure virtual machine 232C.
  • the virtualization environment depicted in Figure 2A illustrates a host operating system 214
  • the virtualization environment embodiment in Figure 2B does not execute a host operating system.
  • the virtualization environment includes a Type 1 hypervisor 202.
  • Type 1 hypervisors 202 execute on "bare metal," such that the hypervisor 202 has direct access to all applications and processes executing on the computing device 201, all resources on the computing device 201 and all hardware on the computing device 201 or communicating with the computing device 201. While a Type 2 hypervisor 202 accesses system resources through a host operating system 214, a Type 1 hypervisor 202 can directly access all system resources.
  • the Type 1 hypervisor 202 can execute directly on one or more physical processors of the computing device 201, and can include program data stored in the physical memory 216.
  • the host operating system can be executed by one or more virtual machines 232.
  • a user of the computing device 201 can designate one or more virtual machines 232 as the user's personal machine.
  • This virtual machine can imitate the host operating system by allowing a user to interact with the computing device 201 in substantially the same manner that the user would interact with the computing device 201 via a host operating system 214.
  • a virtual machine's 323 ability to access one or more system resources can be configured using a configuration interface generated by either the control program 220 or the hypervisor 202.
  • the level of access afforded to a virtual machine 232 can be the result of a review of any of the following sets of criteria: the user accessing the virtual machine; one or more applications executing on the virtual machine; the virtual machine identifier; a risk level assigned to the virtual machine based on one or more factors; or any other similar criteria.
  • FIG. 3A Illustrated in Figure 3A is an embodiment of a computing device 201 that executes a virtualization environment 302 and that has a hardware layer 210 that can include multiple network interface cards (NIC) 316A-316N.
  • the virtualization environment 302 can include a control virtual machine 340, one or more additional virtual machines 232A-232B and a hypervisor 202.
  • each additional virtual machine 232 can execute a guest operating system (guest OS) 230A-230B, and can include one or more virtual interface (VIF) objects 332A-332N.
  • the control virtual machine 340 can execute a control program 220 and a network policy engine 322.
  • the control program 220 can include a tool stack 224 and one or more network objects 335A-335B that include or implement network policies 320A-320B.
  • the hardware layer 210 can be any hardware layer 210 described herein and can include any computer hardware described herein.
  • the hardware layer 210 can include one or more NICs 316A-316N.
  • the computing device 201 can include a single NIC 316, two NICs 316 or any other number of NICs 316.
  • the NIC 316 can be any NIC, and each NIC 316 included in the hardware layer 210 can either be the same NIC or can be different types of NICs.
  • the virtualization environment 302 executing on the computing device 201 can be any virtualization environment described herein.
  • the virtualization environment 302 can include any hypervisor configuration, such as the hypervisor configuration illustrated in Figure 2A or the hypervisor configuration illustrated in Figure 2B .
  • the hypervisor 202 included in the virtualization environment 302 can be any hypervisor 202, or any hypervisor 202 described herein.
  • Figure 3A illustrates a computing machine 302 that includes a virtualization environment 302 which includes a control virtual machine 340, such as any control virtual machine 340 described herein.
  • the control virtual machine 340 can execute a control program 220, such as any control program 220 described herein.
  • the control program 220 can, in some embodiments, include a tool stack 224 which can include metadata that describes one or more network configurations.
  • Figure 3A illustrates a virtualization environment 302 that includes a control virtual machine 340 and two additional virtual machine 232A-232B, in some embodiments the virtualization environment 302 can include any number of virtual machines 232.
  • the virtual machines 232 can execute a guest operating system 230, such as any guest operating system 230 described herein.
  • the control program 220 can further include one or more network objects 335A-335B.
  • Figure 3A illustrates network objects 335A-335B (hereinafter generally referred to as network objects 335) included in the control program 220
  • the network objects 335 can be stored in any of the following places: the control virtual machine 340; the tool stack 224 metadata; or a remote storage repository located on a remote virtual machine 232 or a remote physical machine.
  • a network object 335 in some embodiments, can be an object configured to connect to one or more VIF objects 332.
  • the network object 335 can execute one or more network policies 320A-320B.
  • the network object 335 can define a particular network policy.
  • Figure 3A illustrates a virtualization environment 302 that includes two network objects 335A-335B.
  • the virtualization environment 302 can include a single network object 335, or multiple network objects 335.
  • Network objects 335 in some embodiments, can connect with VIF objects 332 within the same virtualization environment 302, e.g. the same virtualization environment 302 that encompasses the network objects 335 and the VIF objects 332.
  • the network objects 335 can connect with VIF objects 332 located on the same physical machine 201 as the network objects 335, and/or VIF objects 332 that are located on a different physical machine than the physical machine 201 on which the network objects 335 are located.
  • a network object 335 on one computing device 201 can connect with VIF objects 332 on another computing device remotely located from the initial computing device 201.
  • These attributes can include: whether and how to encrypt data transmitted over the connection; which NIC cards to use to establish the connection; whether to restrict network traffic to a particular physical computer 201; whether to avoid transmitting network traffic to a particular virtual machine 232; whether network traffic can or should be transmitted over a physical NIC 316 to virtual machines 232 executing on a remote physical computer; whether to compress data before transmitting over the network; any other network attribute.
  • Configuring the attributes of a network connection can further include specifying sub-attributes such as the type of encryption algorithm, the type of NIC card, and other similar sub-attributes.
  • the network object 335 will continue to implement a network configuration that prevents network traffic from being routed or otherwise transmitted to a virtual machine containing the specified tag. Therefore, when the network policy 320 is implemented, any virtual machine 232 in the new virtualization environment 302 or computer 201 that stores or is associated with the specified tag will be avoided such that it will not receive network traffic.
  • One example of a policy language can include the following:
  • the policy engine 322 can be invoked by the virtualization environment 302 or directly by the virtual machine 232 experiencing the lifecycle event. Upon being invoked, the network policy engine 322 can perform one or more functions including identifying one or more network objects 335 that correspond to the VIF object(s) included in the virtual machine 232 experiencing the life event. When the network policy engine 322 fails to identify a network object 335 that includes a network configuration that matches up with one or more VIF objects of the virtual machine 232, an error can be thrown by the network policy engine 322 indicating that a network configuration could not be assembled.
  • the VIF object 332 can communicate with other VIF objects 332 on a remote physical computer such that a local network is established between the VIF objects 332, however, the local network requires interfacing with a NIC 316 to establish the local network with those VIF objects 332 on the remote computer.
  • the network policy or configuration of the network object 335 can outline the attributes of the network created between the VIF objects 332.
  • each virtual machine 232 can generate a notification when a lifecycle event occurs.
  • a lifecycle event can include: starting or restarting a virtual machine; stopping a virtual machine; migrating a virtual machine; or other similar lifecycle events.
  • the notification can include the generation of an alert that the virtual machine 232 can transmit to a control virtual machine 340.
  • a lifecycle event occurs, a determination can be made by a virtualization environment 302 as to whether a networking topology is required for that virtual machine 232.
  • the networking topology can be created using network policies, and in some embodiments can include establishing a local network between the virtual machine 232 and other virtual machines, or establishing a connection between the virtual machine 232 and a physical network interface card 316.
  • the control program 220 or virtualization environment 302 can create the network topology in accordance with one or more network policies 320.
  • the virtualization system 390 can be an environment where multiple computing device 201 executing their own virtualization environment 302, can communicate with one another and with a control computer 203 that provides each computing device 201 with access to shared resources.
  • the computing devices 201 and the control computer 203 can communicate via a network 104 such as any network 104 described herein.
  • the computing device 201 and the control computer can be any computer 101 described herein.
  • the control computer 203 can include a NIC 316 such as any NIC 316 described herein. Further, the control computer 203 can communicate with the other computer 201 via a network 104 and the NIC 316 of the control computer 203.
  • Generating a lifecycle event can occur before or after the lifecycle event occurs.
  • the virtual machine 232 can generate the lifecycle notification in response to the occurrence of the lifecycle event. For example, when starting a virtual machine 232, the lifecycle event is generated after the virtual machine 232 boots.
  • the VIF object(s) 332 can be interface objects executing or stored within the virtual machine 232 that generated the lifecycle event. For example, when a virtual machine starts, the network policy engine 322 or some other application executing within the control virtual machine 340 identifies the VIF object(s) 332 within the virtual machine 232 that started.
  • the method 400 described in Figure 4 can include identifying one or more VIF objects 332 and one or more network objects 335. Similarly, the method 400 can include identifying any combination of VIF objects 332 and network objects 335. For example, two VIF objects 332 can correspond to a single network object 335, while in other embodiments a single VIF object 332 can correspond to multiple network objects 335.
  • control program 220 may intercept a lifecycle event that requires selecting a server to execute a virtual machine, application or service. For example, when booting a virtual machine 232, the control program 220 may need to select a physical computer 201 that has an adequate amount of resources to service the virtual machine 232. In this example, the control program 220 may have to select a server or computer to execute the virtual machine 232. Selecting the server or computer, in some embodiments, can be a process based in part on network policies associated with the virtual machine 232 via a VIF object, a virtualization environment 302 or a user.
  • the control program 220 or network policy engine 322 can use the identified network policies 320 to parse the toolstack 224 metadata for a VIF object 332 and network object 335 that satisfies the policies 320.
  • the network policy engine 322 can select a particular, low level network implementation that satisfies the network policy 320 constraints and the connections imposed by the VIF object(s) 332 and the network object(s) 335. In some embodiments selecting this network implementation may include performing an exhaustive or heuristic search. In some embodiments, there may be multiple network implementations that satisfy the network constraints required by the policy 320 and the VIF object/network object.

Landscapes

  • Engineering & Computer Science (AREA)
  • Software Systems (AREA)
  • Theoretical Computer Science (AREA)
  • General Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Computer Security & Cryptography (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computing Systems (AREA)
  • Computer Hardware Design (AREA)
  • Computer And Data Communications (AREA)
  • Stored Programmes (AREA)
EP11159372.9A 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle Active EP2378711B1 (fr)

Priority Applications (1)

Application Number Priority Date Filing Date Title
EP15175954.5A EP2958257B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US12/729,772 US8887227B2 (en) 2010-03-23 2010-03-23 Network policy implementation for a multi-virtual machine appliance within a virtualization environtment

Related Child Applications (2)

Application Number Title Priority Date Filing Date
EP15175954.5A Division EP2958257B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle
EP15175954.5A Division-Into EP2958257B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle

Publications (2)

Publication Number Publication Date
EP2378711A1 true EP2378711A1 (fr) 2011-10-19
EP2378711B1 EP2378711B1 (fr) 2015-08-12

Family

ID=44512352

Family Applications (2)

Application Number Title Priority Date Filing Date
EP15175954.5A Active EP2958257B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle
EP11159372.9A Active EP2378711B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle

Family Applications Before (1)

Application Number Title Priority Date Filing Date
EP15175954.5A Active EP2958257B1 (fr) 2010-03-23 2011-03-23 Implémentation de politique de réseau pour appareil de machine multi-virtuelle

Country Status (3)

Country Link
US (2) US8887227B2 (fr)
EP (2) EP2958257B1 (fr)
CN (1) CN102202049B (fr)

Families Citing this family (46)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
FR2972548B1 (fr) * 2011-03-08 2013-07-12 Thales Sa Dispositif pour l'amelioration de la tolerance aux fautes d'un processeur
US9634849B2 (en) 2011-07-11 2017-04-25 Oracle International Corporation System and method for using a packet process proxy to support a flooding mechanism in a middleware machine environment
US8739273B2 (en) 2011-07-11 2014-05-27 Oracle International Corporation System and method for supporting subnet management packet (SMP) firewall restrictions in a middleware machine environment
CN102307153A (zh) * 2011-10-14 2012-01-04 王宁 一种虚拟桌面传输设备和方法
US9294351B2 (en) * 2011-11-10 2016-03-22 Cisco Technology, Inc. Dynamic policy based interface configuration for virtualized environments
WO2013126442A1 (fr) * 2012-02-20 2013-08-29 Virtustream Canada Holdings, Inc. Systèmes faisant intervenir un pare-feu pour trafic de machines virtuelles et procédés de traitement d'informations associées à ceux-ci
US9088570B2 (en) 2012-03-26 2015-07-21 International Business Machines Corporation Policy implementation in a networked computing environment
US9195518B1 (en) * 2012-03-27 2015-11-24 Vmware, Inc. System and method for communicating production virtual machine access events to a service appliance in a virtualized environment
US8949931B2 (en) 2012-05-02 2015-02-03 Cisco Technology, Inc. System and method for monitoring application security in a network environment
US8843926B2 (en) * 2012-06-11 2014-09-23 Pristine Machine Guest operating system using virtualized network communication
CN103684838B (zh) * 2012-09-25 2017-02-08 华为技术有限公司 虚拟机的网络策略配置方法及装置、系统
US9355040B2 (en) 2012-10-08 2016-05-31 International Business Machines Corporation Adjunct component to provide full virtualization using paravirtualized hypervisors
US9355032B2 (en) 2012-10-08 2016-05-31 International Business Machines Corporation Supporting multiple types of guests by a hypervisor
US9280488B2 (en) 2012-10-08 2016-03-08 International Business Machines Corporation Asymmetric co-existent address translation structure formats
US9740624B2 (en) 2012-10-08 2017-08-22 International Business Machines Corporation Selectable address translation mechanisms within a partition
US9348757B2 (en) 2012-10-08 2016-05-24 International Business Machines Corporation System supporting multiple partitions with differing translation formats
US9600419B2 (en) 2012-10-08 2017-03-21 International Business Machines Corporation Selectable address translation mechanisms
EP2907023B1 (fr) 2012-10-12 2021-04-07 Citrix Systems, Inc. Exécution de cycles de redémarrage, programme de redémarrage et redémarrage à la demande
US9015714B2 (en) * 2012-11-27 2015-04-21 Citrix Systems, Inc. Diagnostic virtual machine created to monitor cluster of hypervisors based on user requesting assistance from cluster administrator
WO2014094287A1 (fr) * 2012-12-21 2014-06-26 华为技术有限公司 Procédé de configuration d'une politique de commande de machine virtuelle et échange
US9219937B2 (en) 2013-01-10 2015-12-22 Yona Shaposhnik Universal multiplexer for content channels via injecting
KR20140103559A (ko) * 2013-02-18 2014-08-27 한국전자통신연구원 웹 기반 콘텐츠 서비스 이동을 위한 객체 이동 시스템 및 방법
US9246774B2 (en) 2013-02-21 2016-01-26 Hewlett Packard Enterprise Development Lp Sample based determination of network policy violations
EP2960784A4 (fr) * 2013-02-21 2016-09-14 Nec Corp Système de virtualisation
CN103268250A (zh) * 2013-04-23 2013-08-28 深圳市京华科讯科技有限公司 基于虚拟化的内存复用系统
US20140359127A1 (en) * 2013-06-03 2014-12-04 Microsoft Corporation Zero touch deployment of private cloud infrastructure
CN103441986B (zh) * 2013-07-29 2017-05-17 中国航天科工集团第二研究院七〇六所 一种瘦客户端模式的数据资源安全管控方法
CN105659534A (zh) * 2013-09-16 2016-06-08 慧与发展有限责任合伙企业 多虚拟化方案选择
WO2015070376A1 (fr) * 2013-11-12 2015-05-21 华为技术有限公司 Procédé et système pour réaliser la sécurité de virtualisation
CN104717181B (zh) * 2013-12-13 2018-10-23 中国电信股份有限公司 虚拟安全网关的安全策略配置系统与方法
US9785576B2 (en) * 2014-03-27 2017-10-10 Intel Corporation Hardware-assisted virtualization for implementing secure video output path
US10530837B2 (en) * 2014-04-10 2020-01-07 International Business Machines Corporation Always-on monitoring in the cloud
US9413740B2 (en) * 2014-07-22 2016-08-09 Microsoft Technology Licensing, Llc Establishing secure computing devices for virtualization and administration
DE102014218215A1 (de) * 2014-09-11 2016-03-17 Siemens Aktiengesellschaft System zur Unterstützung bei intermittierender Konnektivität, ein entsprechendes lokales Gerät sowie eine entsprechende Rechnerwolken-Plattform
WO2016045082A1 (fr) * 2014-09-26 2016-03-31 华为技术有限公司 Procede, dispositif et systeme de mise en oeuvre de politique
CN104408016B (zh) * 2014-10-14 2017-09-19 张世寅 受引导器控制的计算机智能设备及该设备的控制方法
US9766919B2 (en) * 2015-03-05 2017-09-19 Vmware, Inc. Methods and apparatus to select virtualization environments during deployment
CN107155403B (zh) * 2015-03-26 2019-11-29 华为技术有限公司 一种生命周期事件的处理方法及vnfm
US20160283259A1 (en) * 2015-03-28 2016-09-29 Mcafee, Inc. Management of agentless virtual machines via security virtual appliance
CN105162788B (zh) * 2015-09-17 2019-07-26 深信服科技股份有限公司 网络权限的控制系统及方法
EP3226135A3 (fr) * 2016-03-30 2018-01-31 AppFormix, Inc. Mise en oeuvre et gestion de politique d'infrastructure en nuage en temps réel
US10505791B2 (en) 2016-12-16 2019-12-10 Futurewei Technologies, Inc. System and method to handle events using historical data in serverless systems
US10868742B2 (en) 2017-03-29 2020-12-15 Juniper Networks, Inc. Multi-cluster dashboard for distributed virtualization infrastructure element monitoring and policy control
US10838747B2 (en) * 2017-12-14 2020-11-17 Hewlett Packard Enterprise Development Lp Virtual appliances
CN111262740B (zh) * 2020-01-18 2022-12-23 苏州浪潮智能科技有限公司 一种通过网络策略模板创建云主机的方法、系统及设备
US12069051B2 (en) 2022-05-13 2024-08-20 Cisco Technology, Inc. Authentication and enforcement of differentiated policies for a bridge mode virtual machine behind a wireless host in a MAC-based authentication network

Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070113273A1 (en) * 2005-11-16 2007-05-17 Juniper Networks, Inc. Enforcement of network device configuration policies within a computing environment
WO2008112769A2 (fr) * 2007-03-12 2008-09-18 Citrix Systems, Inc. Systèmes et procédés de configuration, application et gestion de procédures de sécurité
WO2009042919A2 (fr) * 2007-09-26 2009-04-02 Nicira Networks Système d'exploitation de réseau pour la gestion et la sécurisation des réseaux

Family Cites Families (10)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
GB2419701A (en) * 2004-10-29 2006-05-03 Hewlett Packard Development Co Virtual overlay infrastructure with dynamic control of mapping
US7694298B2 (en) 2004-12-10 2010-04-06 Intel Corporation Method and apparatus for providing virtual server blades
US9137251B2 (en) * 2005-03-16 2015-09-15 Fortinet, Inc. Inheritance based network management
US8370819B2 (en) * 2005-03-25 2013-02-05 Microsoft Corporation Mechanism to store information describing a virtual machine in a virtual disk image
US20070174429A1 (en) * 2006-01-24 2007-07-26 Citrix Systems, Inc. Methods and servers for establishing a connection between a client system and a virtual machine hosting a requested computing environment
US8458695B2 (en) * 2006-10-17 2013-06-04 Manageiq, Inc. Automatic optimization for virtual systems
US8949826B2 (en) * 2006-10-17 2015-02-03 Managelq, Inc. Control and management of virtual systems
US8667556B2 (en) * 2008-05-19 2014-03-04 Cisco Technology, Inc. Method and apparatus for building and managing policies
US20100199351A1 (en) * 2009-01-02 2010-08-05 Andre Protas Method and system for securing virtual machines by restricting access in connection with a vulnerability audit
US8844040B2 (en) * 2009-03-20 2014-09-23 Citrix Systems, Inc. Systems and methods for using end point auditing in connection with traffic management

Patent Citations (3)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US20070113273A1 (en) * 2005-11-16 2007-05-17 Juniper Networks, Inc. Enforcement of network device configuration policies within a computing environment
WO2008112769A2 (fr) * 2007-03-12 2008-09-18 Citrix Systems, Inc. Systèmes et procédés de configuration, application et gestion de procédures de sécurité
WO2009042919A2 (fr) * 2007-09-26 2009-04-02 Nicira Networks Système d'exploitation de réseau pour la gestion et la sécurisation des réseaux

Also Published As

Publication number Publication date
CN102202049A (zh) 2011-09-28
EP2958257B1 (fr) 2018-08-29
US20150040183A1 (en) 2015-02-05
CN102202049B (zh) 2014-03-12
US9344334B2 (en) 2016-05-17
US8887227B2 (en) 2014-11-11
US20110239268A1 (en) 2011-09-29
EP2958257A1 (fr) 2015-12-23
EP2378711B1 (fr) 2015-08-12

Similar Documents

Publication Publication Date Title
EP2958257B1 (fr) Implémentation de politique de réseau pour appareil de machine multi-virtuelle
US10929344B2 (en) Trusted file indirection
US10938642B2 (en) Network offering in cloud computing environment
US9038083B2 (en) Virtual machine provisioning based on tagged physical resources in a cloud computing environment
US8413142B2 (en) Storage optimization selection within a virtualization environment
US9092249B2 (en) Remote rendering of three-dimensional images using virtual machines
EP2442226B1 (fr) Attribution de machines virtuelles conformément aux mesures des machines virtuelles spécifiques aux utilisateurs
US8560826B2 (en) Secure virtualization environment bootable from an external media device
US20120117611A1 (en) Controlling information disclosure during application streaming and publishing
WO2013112538A1 (fr) Chiffrement de mise en mémoire
HK1168162B (en) Allocating virtual machines according to user-specific virtual machine metrics

Legal Events

Date Code Title Description
AK Designated contracting states

Kind code of ref document: A1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

AX Request for extension of the european patent

Extension state: BA ME

PUAI Public reference made under article 153(3) epc to a published international application that has entered the european phase

Free format text: ORIGINAL CODE: 0009012

17P Request for examination filed

Effective date: 20120416

GRAP Despatch of communication of intention to grant a patent

Free format text: ORIGINAL CODE: EPIDOSNIGR1

RIC1 Information provided on ipc code assigned before grant

Ipc: H04L 29/08 20060101ALI20150212BHEP

Ipc: G06F 9/455 20060101ALI20150212BHEP

Ipc: H04L 12/24 20060101AFI20150212BHEP

INTG Intention to grant announced

Effective date: 20150313

GRAS Grant fee paid

Free format text: ORIGINAL CODE: EPIDOSNIGR3

GRAA (expected) grant

Free format text: ORIGINAL CODE: 0009210

AK Designated contracting states

Kind code of ref document: B1

Designated state(s): AL AT BE BG CH CY CZ DE DK EE ES FI FR GB GR HR HU IE IS IT LI LT LU LV MC MK MT NL NO PL PT RO RS SE SI SK SM TR

REG Reference to a national code

Ref country code: GB

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: CH

Ref legal event code: EP

REG Reference to a national code

Ref country code: AT

Ref legal event code: REF

Ref document number: 742970

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150815

REG Reference to a national code

Ref country code: IE

Ref legal event code: FG4D

REG Reference to a national code

Ref country code: DE

Ref legal event code: R096

Ref document number: 602011018586

Country of ref document: DE

REG Reference to a national code

Ref country code: LT

Ref legal event code: MG4D

REG Reference to a national code

Ref country code: AT

Ref legal event code: MK05

Ref document number: 742970

Country of ref document: AT

Kind code of ref document: T

Effective date: 20150812

REG Reference to a national code

Ref country code: NL

Ref legal event code: MP

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: LV

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: NO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151112

Ref country code: FI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: GR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151113

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 6

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: PL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: HR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: SE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: AT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: IS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151212

Ref country code: PT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20151214

Ref country code: ES

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: RS

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: NL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: EE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: IT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: CZ

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: SK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: DK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

REG Reference to a national code

Ref country code: DE

Ref legal event code: R097

Ref document number: 602011018586

Country of ref document: DE

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: RO

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PLBE No opposition filed within time limit

Free format text: ORIGINAL CODE: 0009261

STAA Information on the status of an ep patent application or granted ep patent

Free format text: STATUS: NO OPPOSITION FILED WITHIN TIME LIMIT

26N No opposition filed

Effective date: 20160513

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: SI

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: BE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160331

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MC

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: LU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20160323

REG Reference to a national code

Ref country code: CH

Ref legal event code: PL

REG Reference to a national code

Ref country code: IE

Ref legal event code: MM4A

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BE

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: LI

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160331

Ref country code: CH

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160331

Ref country code: IE

Free format text: LAPSE BECAUSE OF NON-PAYMENT OF DUE FEES

Effective date: 20160323

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 7

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

REG Reference to a national code

Ref country code: FR

Ref legal event code: PLFP

Year of fee payment: 8

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: CY

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: HU

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT; INVALID AB INITIO

Effective date: 20110323

Ref country code: SM

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: MT

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20160331

Ref country code: MK

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

Ref country code: TR

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: BG

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

PG25 Lapsed in a contracting state [announced via postgrant information from national office to epo]

Ref country code: AL

Free format text: LAPSE BECAUSE OF FAILURE TO SUBMIT A TRANSLATION OF THE DESCRIPTION OR TO PAY THE FEE WITHIN THE PRESCRIBED TIME-LIMIT

Effective date: 20150812

REG Reference to a national code

Ref country code: DE

Ref legal event code: R079

Ref document number: 602011018586

Country of ref document: DE

Free format text: PREVIOUS MAIN CLASS: H04L0012240000

Ipc: H04L0041000000

P01 Opt-out of the competence of the unified patent court (upc) registered

Effective date: 20230521

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: GB

Payment date: 20240221

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: FR

Payment date: 20240220

Year of fee payment: 14

PGFP Annual fee paid to national office [announced via postgrant information from national office to epo]

Ref country code: DE

Payment date: 20250218

Year of fee payment: 15

GBPC Gb: european patent ceased through non-payment of renewal fee

Effective date: 20250323